Computer systems often contain valuable and/or sensitive information, control access to such information, or play an integral role in securing physical locations and assets. The security of information, assets and locations is only as good as the weakest link in the security chain, so it is important that computers reliably be able to distinguish authorized personnel from impostors. In the past, computer security has largely depended on secret passwords. Unfortunately, users often choose passwords that are easy to guess or that are simple enough to determine via exhaustive search or other means. When passwords of greater complexity are assigned, users may find them hard to remember, so may write them down, thus creating a new, different security vulnerability.
Various approaches have been tried to improve the security of computer systems. For example, in “have something, know something” schemes, a prospective user must know a password (or other secret code) and have (or prove possession of) a physical token such as a key or an identification card. Such schemes usually provide better authentication than passwords alone, but an authorized user can still permit an unauthorized user to use the system simply by giving the token and the secret code to the unauthorized user.
Other authentication methods rely on measurements of unique physical characteristics (“biometrics”) of users to identify authorized users. For example, fingerprints, voice patterns and retinal images have all been used with some success. However, these methods usually require special hardware to implement (e.g. fingerprint or retinal cameras; audio input facilities).
Techniques have been developed that permit computer users to be authenticated at machines without any special hardware. For example, U.S. patent application Ser. No. 4,805,222 to Young et al. describes verifying the identity of an individual based on timing data collected while he types on a keyboard. Identification is accomplished by a simple statistical method that treats the collected data as an n-dimensional vector and computes the distance between this vector and a target vector. More sophisticated analyses have also been proposed. For example, U.S. Pat. No. 6,151,593 to Cho et al. suggests using a neural network to classify keystroke timing vectors.
The problem of comparing a biometric sample to a template or reference sample to determine whether the samples describe the same person is a difficult one. Improved algorithms to validate biometric samples may be useful in producing more accurate identifications with reduced false acceptance rates (“FAR”) and false reject rates (“FRR”). In any ‘generic’ comparison technique, using the natural behavior of the data to study the data is a proved methodology i.e. in case of behavioral biometrics the measurements are not repeatable and hence using the ‘variance’ nature of the data to study the data is a logical methodology.